VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

TeamPCP strikes Checkmarx again: Jenkins AST plugin replaced

TeamPCP снова атакует Checkmarx: подменён Jenkins AST плагин

Colleagues, a cybersecurity alert: TeamPCP published a modified Checkmarx Jenkins AST plugin.

Brief:
- Checkmarx confirmed safe version 2.0.13-829.vc72453fa_1c16 (17.12.2025); later 2.0.13-848.v76e89de8a_053 released.
- SOCRadar and researcher Adnan Khan report repo access, defacement and renaming.
- Continues TeamPCP campaign: compromises of KICS Docker, VS Code extensions, GitHub Actions, and brief npm Bitwarden CLI compromise.

Actions: verify plugin version, rotate credentials, review remediations.

Why it matters: supply-chain attacks scale rapidly and exfiltrate developer secrets.

What supply-chain protections do you prioritize?
#cybersecurity #supplychain #DevSecOps #Checkmarx

Latest comments

No comments yet.